Enterprises need to update application security practices

Organizations urgently need to modernize their application security practices so that they can support growth and mitigate risks according to a new report.

Thew study from Legit Security and TechTarget's Enterprise Strategy Group (ESG) finds nearly all organizations reporting difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.

"Organizations are increasingly adopting new technologies so that they can bolster their software development, and as modern development has changed, so have attacker tactics," says Joe Nicastro, field CTO at Legit Security. "Development teams are using cloud-native technologies to drive efficiency and optimize innovation, but this often leads to a larger attack surface due to misconfigurations, vulnerable plug-ins, and excessive permissions throughout the SDLC. In today's environment, organizations must adopt security solutions that can protect their software factory from end-to-end while providing developers with the guardrails they need to do their best work safely."

The report shows that 60 percent of enterprises use Infrastructure-as-Code to simplify infrastructure provisioning and easily deploy software applications. However, with increased IaC adoption, misconfigurations can be magnified because flaws are easily proliferated if not addressed. 67 percent of respondents report an increase in IaC misconfigurations.

45 percent of security teams supporting cloud-native development processes say understanding and managing risks related to usage of generative AI is their biggest challenge, followed by measuring and improving AppSec program effectiveness, and understanding developer environments and assets to effectively manage security.

The majority of organizations have experienced a cybersecurity event involving their cloud-native application stack in the last 12 months, with secrets stolen from a source code repository (32 percent) coming in as the most common incident.

Worryingly only 39 percent of organizations report that their security teams have visibility for certain applications, reinforcing the necessity for visibility into security testing in development.

You can read more and get the full report on the Legit Security blog.

Image credit: Funtap/depositphotos.com